forget_param('thrd_ID'); $Messages->add(T_('The requested thread does not exist any longer.'), 'error'); $action = 'nil'; } else { if (!$edited_Thread->check_thread_recipient($current_User->ID) && !$perm_abuse_management) { // Current user is not recipient of this thread and he is not abuse manager unset($edited_Thread); forget_param('thrd_ID'); $Messages->add(T_('You are not allowed to view this thread.'), 'error'); $action = 'nil'; } } } if (param('msg_ID', 'integer', '', true)) { // Load message from cache: $MessageCache =& get_MessageCache(); if (($edited_Message =& $MessageCache->get_by_ID($msg_ID, false)) === false) { unset($edited_Message); forget_param('msg_ID'); $Messages->add(T_('The requested message does not exist any longer.'), 'error'); $action = 'nil'; } } if (!$Messages->has_errors() && (empty($thrd_ID) || empty($edited_Thread))) { // Display this error only when no error above $Messages->add(T_('Can\'t show messages without thread!'), 'error'); $action = 'nil'; } else { // Preload users to show theirs avatars load_messaging_thread_recipients($thrd_ID); }
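/**
 * Handle messaging module htsrv actions.
 *
 * Dispatches on the 'disp' request param ('threads', 'contacts', 'messages') and on the
 * 'action' param, performs the requested update and finishes with header_redirect() to
 * 'redirect_to' (request param; otherwise the current blog's base URL, or $baseurl, with
 * 'disp=' appended).
 *
 * Security gates applied before any dispatch, in this order:
 *  - CSRF crumb for 'messaging_<disp>' ($Session->assert_received_crumb)
 *  - the user must be logged in (debug_die() otherwise)
 *  - 'perm_messaging'/'reply' permission; the thread and message 'delete' actions
 *    additionally require 'perm_messaging'/'delete' (check_perm() with assert=true halts
 *    the request on failure)
 *
 * Note that no "is the current user a recipient of this thread" check is made here for
 * 'delete'/'leave'/'close'; 'delete' relies on the separate delete permission and the
 * others on whatever leave_thread() does for a non-recipient (not visible from here).
 *
 * Request params read: action, disp, redirect_to, thrd_ID, msg_ID, confirmed, block_ID,
 * user_ID, thrdtype. Everything request-derived that is echoed into the HTML of the
 * confirm/cancel links is attribute-escaped; what is embedded into another URL is
 * percent-encoded.
 *
 * Globals: $current_User, $Blog, $Session, $Messages, $samedomain_htsrv_url, $baseurl, $evo_charset.
 *
 * Does not return normally: ends in header_redirect(), debug_die() or a failed check_perm().
 */
function handle_htsrv_action()
{
	// $baseurl is read by the redirect fallback below and $evo_charset by the HTML escaping;
	// neither was imported before ($baseurl was therefore undefined inside this function).
	global $current_User, $Blog, $Session, $Messages, $samedomain_htsrv_url, $baseurl, $evo_charset;

	// Init objects we want to work on.
	$action = param_action(true, true);
	$disp = param('disp', '/^[a-z0-9\\-_]+$/', 'threads');

	// Check that this action request is not a CSRF hacked request:
	$Session->assert_received_crumb('messaging_' . $disp);

	// Load classes
	load_class('messaging/model/_thread.class.php', 'Thread');
	load_class('messaging/model/_message.class.php', 'Message');

	if (!is_logged_in()) {
		// user must be logged in
		debug_die('User must be logged in to proceed with messaging updates!');
	}

	// Check permission:
	$current_User->check_perm('perm_messaging', 'reply', true);

	// set where to redirect
	$redirect_to = param('redirect_to', 'url', NULL);
	if (empty($redirect_to)) {
		if (isset($Blog)) {
			$redirect_to = url_add_param($Blog->gen_baseurl(), 'disp=' . $disp);
		} else {
			$redirect_to = url_add_param($baseurl, 'disp=' . $disp);
		}
	}

	if ($disp != 'contacts' && ($thrd_ID = param('thrd_ID', 'integer', '', true))) {
		// Load thread from cache:
		$ThreadCache =& get_ThreadCache();
		if (($edited_Thread =& $ThreadCache->get_by_ID($thrd_ID, false)) === false) {
			// Unknown thread: drop the param and neutralise the action so no branch below runs.
			unset($edited_Thread);
			forget_param('thrd_ID');
			$Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Thread')), 'error');
			$action = 'nil';
		}
	}

	switch ($disp) {
		// threads action
		case 'threads':
			if ($action != 'create') {
				// Make sure we got a thrd_ID:
				param('thrd_ID', 'integer', true);
			}

			switch ($action) {
				case 'create':
					// create thread
					// check if create new thread is allowed
					if (check_create_thread_limit()) {
						// max new threads limit reached, don't allow to create new thread
						debug_die('Invalid request, new conversation limit already reached!');
					}
					if (!create_new_thread()) {
						// unsuccessful new thread creation
						global $edited_Thread, $edited_Message, $thrd_recipients, $thrd_recipients_array;
						$redirect_to .= '&action=new';
						// save new message and thread params into the Session to not lose the content
						$unsaved_message_params = array();
						$unsaved_message_params['subject'] = $edited_Thread->title;
						$unsaved_message_params['message'] = $edited_Message->text;
						$unsaved_message_params['thrdtype'] = param('thrdtype', 'string', 'individual'); // alternative: discussion
						$unsaved_message_params['thrd_recipients'] = $thrd_recipients;
						$unsaved_message_params['thrd_recipients_array'] = $thrd_recipients_array;
						save_message_params_to_session($unsaved_message_params);
					}
					break;

				case 'delete':
					// delete thread
					// Check permission:
					$current_User->check_perm('perm_messaging', 'delete', true);
					$confirmed = param('confirmed', 'integer', 0);
					if ($confirmed) {
						$msg = sprintf(T_('Thread «%s» deleted.'), $edited_Thread->dget('title'));
						$edited_Thread->dbdelete(true);
						unset($edited_Thread);
						forget_param('thrd_ID');
						$Messages->add($msg, 'success');
					} else {
						// Confirmation link: a GET carrying the crumb. redirect_to is percent-encoded
						// inside the URL (as the 'messages' case already does) and both URLs are
						// attribute-escaped for the href. double_encode=false so an '&amp;' that
						// url_add_param() may already have inserted is not encoded twice.
						$delete_url = $samedomain_htsrv_url . 'action.php?mname=messaging&thrd_ID=' . $edited_Thread->ID
							. '&action=delete&confirmed=1&redirect_to=' . rawurlencode($redirect_to)
							. '&' . url_crumb('messaging_threads');
						$ok_button = '<span class="linkbutton"><a href="' . htmlspecialchars($delete_url, ENT_QUOTES, $evo_charset, false) . '">' . T_('I am sure!') . '!</a></span>';
						$cancel_button = '<span class="linkbutton"><a href="' . htmlspecialchars($redirect_to, ENT_QUOTES, $evo_charset, false) . '">CANCEL</a></span>';
						$msg = sprintf(T_('You are about to delete all messages in the conversation «%s».'), $edited_Thread->dget('title'));
						$msg .= '<br />' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . "\t" . $cancel_button;
						$Messages->add($msg, 'error');
					}
					break;

				case 'leave':
					// user wants to leave the thread
					leave_thread($edited_Thread->ID, $current_User->ID, false);
					$Messages->add(sprintf(T_('You have successfuly left the «%s» conversation!'), $edited_Thread->get('title')), 'success');
					break;

				case 'close':
					// close the thread
				case 'close_and_block':
					// close the thread and block contact
					leave_thread($edited_Thread->ID, $current_User->ID, true);
					// user has closed this conversation because there was only one other user involved
					$Messages->add(sprintf(T_('You have successfuly closed the «%s» conversation!'), $edited_Thread->get('title')), 'success');
					if ($action == 'close_and_block') {
						// user also wants to block contact with the other user involved in this thread
						$block_user_ID = param('block_ID', 'integer', true);
						$UserCache =& get_UserCache();
						if (($blocked_User =& $UserCache->get_by_ID($block_user_ID, false)) === false) {
							// Unknown user ID (the thread is already closed at this point): report it
							// instead of writing a contact row for a non-existent user.
							$Messages->add(T_('The user you want to block does not exist.'), 'error');
							break;
						}
						// NOTE(review): block_ID is not checked to be the other participant of this thread.
						set_contact_blocked($block_user_ID, true);
						$Messages->add(sprintf(T_('«%s» was blocked.'), $blocked_User->get('login')), 'success');
					}
					break;
			}
			break; // break from threads action switch

		// contacts action
		case 'contacts':
			// user_ID is a numeric key: validate it as an integer here (it was accepted as an
			// arbitrary string before) so nothing but a number reaches set_contact_blocked().
			$user_ID = param('user_ID', 'integer', true);
			if ($action != 'block' && $action != 'unblock') {
				// only block or unblock is valid
				debug_die("Invalid action param");
			}
			set_contact_blocked($user_ID, $action == 'block' ? 1 : 0);
			// NOTE(review): as it appears here this replacement is a no-op (search and replacement
			// are the same string); the intent is presumably to turn an '&amp;' glue back into '&'
			// before redirecting - confirm against the upstream source.
			$redirect_to = str_replace('&', '&', $redirect_to);
			break;

		// messages action
		case 'messages':
			if ($action == 'create') {
				// create new message
				create_new_message($thrd_ID);
			} elseif ($action == 'delete') {
				// Check permission:
				$current_User->check_perm('perm_messaging', 'delete', true);
				$msg_ID = param('msg_ID', 'integer', true);
				$MessageCache =& get_MessageCache();
				if (($edited_Message =& $MessageCache->get_by_ID($msg_ID, false)) === false) {
					$Messages->add(sprintf(T_('Requested «%s» object does not exist any longer.'), T_('Message')), 'error');
					break;
				}
				// NOTE(review): the message is not checked to belong to $thrd_ID; deletion is
				// gated by the global 'perm_messaging'/'delete' permission only.
				$confirmed = param('confirmed', 'integer', 0);
				if ($confirmed) {
					// delete message
					$edited_Message->dbdelete();
					unset($edited_Message);
					$Messages->add(T_('Message deleted.'), 'success');
				} else {
					// Confirmation link, same shape as for threads: crumb in the URL, redirect_to
					// percent-encoded, the whole href attribute-escaped.
					$delete_url = $samedomain_htsrv_url . 'action.php?mname=messaging&disp=messages&thrd_ID=' . $thrd_ID . '&msg_ID=' . $msg_ID . '&action=delete&confirmed=1';
					$delete_url = url_add_param($delete_url, 'redirect_to=' . rawurlencode($redirect_to), '&') . '&' . url_crumb('messaging_messages');
					$ok_button = '<span class="linkbutton"><a href="' . htmlspecialchars($delete_url, ENT_QUOTES, $evo_charset, false) . '">' . T_('I am sure!') . '!</a></span>';
					$cancel_button = '<span class="linkbutton"><a href="' . htmlspecialchars($redirect_to, ENT_QUOTES, $evo_charset, false) . '">CANCEL</a></span>';
					$msg = T_('You are about to delete this message. ') . '<br /> ' . T_('This CANNOT be undone!') . '<br />' . T_('Are you sure?') . '<br /><br />' . $ok_button . $cancel_button;
					$Messages->add($msg, 'error');
				}
			}
			break;
	}

	header_redirect($redirect_to); // Will save $Messages into Session
}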
$count_SQL = new SQL(); $count_SQL->SELECT('COUNT(*)'); // Get params from request $s = param('s', 'string', '', true); if (!empty($s)) { $select_SQL->WHERE_and('CONCAT_WS( " ", u.user_login, u.user_firstname, u.user_lastname, u.user_nickname, msg_text ) LIKE "%' . $DB->escape($s) . '%"'); $count_SQL->FROM('T_messaging__message mm LEFT OUTER JOIN T_users u ON u.user_ID = mm.msg_author_user_ID'); $count_SQL->WHERE('mm.msg_thread_ID = ' . $edited_Thread->ID); $count_SQL->WHERE_and('CONCAT_WS( " ", u.user_login, u.user_firstname, u.user_lastname, u.user_nickname, msg_text ) LIKE "%' . $DB->escape($s) . '%"'); } else { $count_SQL->FROM('T_messaging__message'); $count_SQL->WHERE('msg_thread_ID = ' . $edited_Thread->ID); } // Create result set: $Results = new Results($select_SQL->get(), 'msg_', '', 0, $count_SQL->get()); $Results->Cache =& get_MessageCache(); $Results->title = $params['messages_list_title']; if (is_admin_page()) { $Results->global_icon(T_('Cancel!'), 'close', '?ctrl=threads'); } /** * Callback to add filters on top of the result set * * @param Form */ function filter_messages(&$Form) { $Form->text('s', get_param('s'), 30, T_('Search'), '', 255); } $Results->filter_area = array('submit_title' => T_('Filter messages'), 'callback' => 'filter_messages', 'presets' => array('all' => array(T_('All'), get_dispctrl_url('messages', 'thrd_ID=' . $edited_Thread->ID)))); /*
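/**
 * Delete private messages of the user
 *
 * Deletes every message whose author is this user ($this->ID) and, if at least one
 * message was deleted, this user's rows in T_messaging__threadstatus. Everything runs
 * inside one $DB transaction (begin() ... commit()).
 *
 * Permission: the current user must either be able to moderate this user
 * (can_moderate_user) or hold 'perm_messaging'/'delete'; check_perm() is called with
 * assert=true, so a user lacking it never reaches the deletes.
 *
 * NOTE(review): the return value of each dbdelete() is not inspected and there is no
 * explicit rollback path; a failed delete still reaches commit() and this method still
 * returns true.
 *
 * @return boolean True on success
 */
function delete_messages()
{
	global $DB, $Plugins, $current_User;

	// Check permissions
	// Note: If current user can moderate this user then it is allowed to delete all user data even if it wouldn't be allowed otherwise
	if (!$current_User->can_moderate_user($this->ID)) {
		// Note: if users have delete messaging perms then they can delete any user messages ( Of course only if the delete action is available/displayed for them )
		$current_User->check_perm('perm_messaging', 'delete', true);
	}

	$DB->begin();

	// Load all messages authored by this user. The ID is passed through $DB->quote(),
	// consistent with the DELETE below, instead of being concatenated raw.
	$MessageCache =& get_MessageCache();
	$MessageCache->clear();
	$MessageCache->load_where('msg_author_user_ID = ' . $DB->quote($this->ID));

	$message_was_deleted = false;
	while (($iterator_Message =& $MessageCache->get_next()) != NULL) {
		// Iterate through MessageCache
		// Delete a message from DB:
		$iterator_Message->dbdelete();
		$message_was_deleted = true;
	}

	if ($message_was_deleted) {
		// at least one message was deleted
		// Delete statuses
		$DB->query('DELETE FROM T_messaging__threadstatus WHERE tsta_user_ID = ' . $DB->quote($this->ID));
	}

	$DB->commit();

	return true;
}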
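/**
 * Get formatted message text
 *
 * Used as a column callback. When the message can be loaded from the MessageCache the
 * pre-rendered content from $Message->get_content() is returned (rendering/escaping is
 * done there and by the plugins). When it cannot, the raw msg_text column value is
 * returned HTML-escaped via format_to_output(..., 'htmlspecialchars').
 *
 * WARNING: messages may contain MALICIOUS HTML and javascript snippets. They must
 * ALWAYS be ESCAPED prior to display - that is why the cache-miss path never returns
 * $msg_text unescaped. (Before this fix the raw text was only escaped when it was
 * empty, i.e. never when it mattered.)
 *
 * @param integer Message ID
 * @param string Raw message text (msg_text column), used only when the message is not in the cache
 * @return string Formatted message text, safe to output as HTML
 */
function col_msg_format_text($msg_ID, $msg_text)
{
	$MessageCache =& get_MessageCache();

	if ($Message =& $MessageCache->get_by_ID($msg_ID, false, false)) {
		// Get the prerendered content (escaping handled by get_content() / the plugins)
		return $Message->get_content();
	}

	// Not in the cache: fall back to the raw DB text, escaped for HTML output.
	return format_to_output($msg_text, 'htmlspecialchars');
}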